Welsh Government
ICT Strategy 2018 – 2021
Version 1.0
February 2018
Owner: Crispin O’Connell, Chief Technology Officer
Table of Contents
1. Foreword ............................................................................................................. 4
2. Vision ................................................................................................................... 6
3. Executive Summary ............................................................................................. 7
3.1 Strategic Priorities ......................................................................................... 7
3.2 Board Decision .............................................................................................. 9
3.3 ICT Strategic Principles ............................................................................... 10
3.4 Purpose ....................................................................................................... 10
4. Context .............................................................................................................. 11
4.1 Overview ..................................................................................................... 11
4.2 Challenges .................................................................................................. 13
4.3 Well-being of Future Generations Act ......................................................... 13
4.4 User Application Delivery ............................................................................ 14
4.4.1 Current Situation ................................................................................... 14
4.4.2 Future Strategy ..................................................................................... 15
4.4.3 Infrastructure Impact of Moving from Citrix to Rich ............................... 15
4.4.4 The Journey to Rich Client ................................................................... 16
4.5 User Types .................................................................................................. 20
4.6 User Packages ............................................................................................ 20
4.7 Operating System Strategy ......................................................................... 22
4.8 Software Strategy ........................................................................................ 22
4.9 Datacentre Strategy .................................................................................... 22
4.10 Remote User Authentication – Stratus 2 .................................................. 23
4.11 Application Strategy ................................................................................. 24
4.12 Supplier Strategy ..................................................................................... 25
4.13 Telephony ................................................................................................ 25
4.14 Print Strategy ........................................................................................... 25
4.15 Assisted Users ......................................................................................... 25
5. Strategic Workstream 1 - Transformation .......................................................... 27
5.1 Aims and Principles ..................................................................................... 27
5.2 Internal ICT Capability ................................................................................. 27
5.2.1 Current Arrangements .......................................................................... 27
5.2.2 Support Strategy ................................................................................... 27
5.2.3 Migration Timeframes ........................................................................... 28
5.3 Target Operating Model .............................................................................. 29
6. Strategic Workstream 2 - Governance ............................................................... 33
6.1 Governance Procedures Overview ............................................................. 33
6.1.1 The Solution Design Authority (SDA) ................................................... 33
6.1.2 Comprehensive Portfolio Management................................................. 33
3
6.1.3 Project Management Structures ........................................................... 33
6.1.4 Programme and Project Governance ................................................... 34
6.1.5 Methodologies ...................................................................................... 34
6.2 ICT Asset Management .............................................................................. 35
6.3 ICT Financial Management ......................................................................... 35
7. Strategic Workstream 3 – Organisation ............................................................. 37
7.1 Current Arrangements ................................................................................. 37
7.2 Development of Internal Capability ............................................................. 37
7.3 Support Strategy ......................................................................................... 38
8. Strategic Workstream 4 – Corporate ICT ........................................................... 41
8.1 Overview ..................................................................................................... 41
9. Strategic Workstream 5 – Departmental Business Systems .............................. 42
9.1 Overview ..................................................................................................... 42
10. Appendix A - Glossary of Terms ..................................................................... 43
11. Appendix B – Current Network Topology ....................................................... 46
12. Appendix C - User Types ............................................................................... 48
13. Appendix D – Strategic Case Options ............................................................ 50
Table of Figures
Figure 1 - ICT Vision .................................................................................................. 7
Figure 2 - Welsh Government ICT Strategic Principles ............................................ 10
Figure 3 - Current Situation ...................................................................................... 17
Figure 4 - Phase 1 - Journey to Rich Client .............................................................. 18
Figure 5 - Phase 2 - Decommission on-premise Citrix ............................................. 19
Figure 6 - Phase 3 - a Cloud-based organisation ..................................................... 20
Figure 7 - Application Strategy ................................................................................. 24
Figure 8 - ICT Service Delivery Model ...................................................................... 28
Figure 9 - Migration Timeline .................................................................................... 29
Figure 10 - Target Operating Model – Technical ...................................................... 30
Figure 11 - Transition of Atos Services to WG ......................................................... 37
Figure 12 - Target Operating Model ......................................................................... 39
Figure 13 - Future ICT Team Functional Diagram .................................................... 40
Figure 14 - Welsh Government Network Topology................................................... 46
1. Foreword
Established by the Government of Wales Act 2006, the Welsh Government is the
devolved Government for Wales. It develops and implements policies, makes
decisions and ensures delivery in respect of the areas devolved to us and proposes
and makes Welsh laws and subordinate legislation. It is elected by the people of
Wales to deliver a programme for Government.
The Welsh Government is headed by the First Minister of Wales with the Cabinet as
the main decision making body.
The Welsh Government Civil Service supports the Welsh Government. We have a
work force of 5,500 people, who work in out office across Wales and further afield.
ICT Background
The ICT systems that support the Welsh Government have developed and grown
since the earliest days of devolution. The ICT has been delivered through a variety
of contractual arrangements. The current Merlin framework was introduced as a 10
year framework in 2004. It aimed to deliver Business Change capability alongside a
sustainable service model and involved three main suppliers, Siemens Information
Systems, Cap Gemini and PA Consulting.
In 2014 the framework was extended for a further 5 years with key changes. First
the external partnership was with ATOS and Cap Gemini, in addition the contract
was reframed to enable transition away from the services provided during the
contract lifetime, including moves of key services toward cloud based technologies
which were emergent in 2014.
During the period of the Merlin contract, substantial centralisation has occurred –
previously there were many servers and systems operating in different offices
throughout the Welsh Government estate, supported by different groups and
individuals. The vast majority of these systems have been centralised and are
supported under common and documented arrangements. They have also been
made “Cloud Ready” in anticipation of the advent of cloud services for government.
The user experience has also substantially improved, with the use of thin client
technology enabling a common desktop for users.
The federated nature of government business has led to different business units
undertaking diverse business functions supported by multiple applications.
Therefore, the complexity of unifying our infrastructure onto a single platform and
migrating to a new ICT vendor would previously have been significant. However,
with the advances in technology, and the accreditation of Cloud Services to securely
host government data, many of these complexities have been reduced. This, in co-
5
ordination with the end of the Merlin contract in 2019 provides a convincing
argument for change.
In parallel, austerity and the likelihood of further budget reductions for Welsh
Government would mean a move to a less expensive ICT Service model in terms of
both capital and revenue would be beneficial. This, however will bring challenges in
terms of how we fund ICT as the requirement for Capital funding diminishes and
revenue funding increases, a challenge which many in the Public Sector will face.
This strategy details the ICT Roadmap for this new organisation for the next five
years, aligning our organisation with wider Public Sector strategies, developing our
internal capabilities and removing our dependence on the Merlin contract for ICT
Service.
Strategy documents should be living and breathing documents, rather than filed
away and forgotten about, or produced as a means to tick a box; this document
should serve to inform and reassure the business that ICT will meet its needs over
the coming years, and provide direction to those working on ICT enabled projects.
As business drivers or political focus changes, this document should be updated, re-
circulated and agreed, in order to provide a contextual direction at any given time.
2. Vision
This strategy will equip the Welsh Government with a modern, flexible infrastructure
that will support the organisation and its users, enabling us to fulfil our functions over
the next five years and beyond. The ICT marketplace has changed substantially
over the last few years, as has UK government policy regarding ICT; this strategy
reflects those changes, embracing cloud technologies which will help us move away
from on-site infrastructure and aim to allow our users to access systems anytime,
from anywhere.
This document also details our migration away from physical infrastructure and our
current ICT arrangements (provided under the contract known as Merlin).
This migration and strategy has been informed by gaining a better understanding of
our users and their ICT needs going forward, which will enable us to provide a
performant, resilient infrastructure, to help our staff be the best they can be.
Another key principle of this strategy, is to provide internal ICT provision. This
means that we will look after our ICT ourselves and in order to do this we need to
make sure we have the skills, capability and capacity to do so – the roadmap for
achieving this is detailed herein. The outcome of this, will be that we have WG staff
providing ICT support to WG users which means a greater understanding of
business priorities when dealing with ICT issues. It also means more, good quality
jobs for people in Wales.
In keeping with the Wellbeing of Future Generations Act, we will continue to embrace
digital communications – using collaborative tools to enable staff to better interact
with each other regardless of location and reducing the need for travel and face to
face meetings.
We will also further enable our Flexible Working approach, by providing our staff with
faster, more modern and more flexible equipment to allow them to access ICT on the
move where necessary whilst retaining appropriate security controls safeguarding
our data and systems.
Finally, but most importantly - this strategy must meet the needs of the business to
deliver Ministerial priorities and the Programme of Government, therefore it must be
reviewed by colleagues from different functions across the organisation on a regular
basis, to ensure that as the shape, function and direction of the business changes,
ICT will continue to adapt to support it.
3. Executive Summary
3.1 Strategic Priorities
The ICT Strategy’s main aims are:
To enable WG to meet its current and future priorities
To enable and encourage flexible working patterns
To provide a better experience and level of customer care for all users
To migrate to modern, more cost efficient and environmentally friendly
technologies and devices
To provide a secure, resilient infrastructure platform which we can build upon
in the future
In order to achieve these aims, there are five main work streams as illustrated and
described below:
Figure 1 - ICT Vision
Transformation – This is the move from physical systems and from externally
provided ICT, to cloud based systems and internally provisioned ICT
8
Governance – The introduction of new governance around ICT, both from a project
and a day-to-day running perspective
Organisation – The development of the WG capability and capacity needed to run
the ICT service post 2019, built upon the foundations of the existing ICT Team.
Corporate ICT – Once our new platforms are provisioned we need to look at the
main, critical applications we use across the organisation and re-evaluate how
suitable they are going forward
Departmental – For our applications used in specific areas of the business, we need
to understand the likely future requirements and ensure they are accommodated
within the strategy.
These work streams are detailed from Section 4 onward.
3.2 Board Decision
During November 2017 The Future ICT Team presented Strategic Options to the
Board which comprised a comprehensive set of options. Out of these options the
board decided that Option 4 in the short to medium term was the preference, with a
longer term move to Option 2.
The options were as follows:
Short to Medium Term: Option 4 - Internal ICT with outsourced functional
services
This is a hybrid model whereby WG ICT retains control of key functions and delivery
and considers outsourcing where potentially beneficial. This option is proposed to
follow a service integration delivery model, with WG ICT being the service integrator.
This model looks at identifying which functions within the ICT operating model can
be retained and which can be outsourced and use a Service Integration and
management model to deliver services back to the organisation. It allows a steady
growth in in-house service adoption with increasing maturity level, whilst keeping
control of core processes and enabling automation and standardisation where fit for
purpose.
Longer Term: Option 2 - Centralised ICT Services
This operating model is typically used for the purpose of controlled IT budget,
standardisation of processes and technologies and a single point for delivery of the
IT strategy to meet the organisational goals. Within this model, all of the IT functions
for Welsh Government would meet as a single IT service internal to WG, under a
centrally controlled budget for all IT services and assets (including Hardware,
Software, staff, etc.).
The full options list can be found in Appendix D – Strategic Case Options.
10
3.3 ICT Strategic Principles
The following Strategic Principles have been agreed by representatives from across
the organisation, via the Solution Design Authority and presented to Operations
Committee.
Figure 2 - Welsh Government ICT Strategic Principles
3.4 Purpose
The ICT Strategy will provide the roadmap, direction and guidance for ICT
developments within Welsh Government for the next 5 years. The document will be
periodically reviewed and updated in order to maintain it’s context and relevance.
11
4. Context
4.1 Overview
The Welsh Government is at a transitional point in time with regard to its ICT
Infrastructure; its framework agreement, known as Merlin, which has provided ICT
Services to the organisation for over a decade is due to expire in January 2019.
Consequently, the Welsh Government needs to put in place successive
arrangements to ensure not only continuity of service, but to also provide greater
capability to meet the demands of an increasingly digital world. The emergence of
Cloud technologies and the portability and security of modern devices also means
that ICT can now underpin our aspirations with regard to the agility of our staff and
flexible working more widely.
As it stands, a substantial portion of our physical infrastructure (servers, SANs,
network equipment) is approaching being out of warranty or beyond “end of life”.
This means that in order to safeguard ongoing service, a substantial capital
investment is required. Indeed, with physical infrastructure, this capital investment
cycle is an ongoing feature of ICT. The option now available to organisations such
as ourselves is to move our systems into the Cloud. Whilst clearly there are
transition costs involved in moving any ICT infrastructure, the lower costs of Cloud
based services mean that savings will be realised in a fairly short term after the
move. Further to this, Cloud services do not need ongoing capital investment cycles
for server and datacentre infrastructure, as the Cloud vendor reinvests in their overall
infrastructure as necessary, meaning that our servers are continually kept up to date.
Resilience of Cloud systems is also considerably greater than the resilience we
could afford to purchase as a single entity; the premise of Cloud is that the benefits
of scale of hosting multiple organisations within the same datacentre (although
entirely segregated) can more affordably provide enhanced capability to deliver
ongoing service even during substantial infrastructure failures. The availability of
these services from the Cloud, are typically supported by a financially backed SLA
(Service Level Agreement), which means that in the instance of outage, which is
typically less frequent than with standard infrastructure, then WG would be refunded
monies in line with the scale of the service and the duration of the outage.
In line with a number of public sector bodies such as Northern Ireland Executive,
Natural Resources Wales, Companies House and DVLA), Welsh Government will
provide its own ICT service as a replacement, utilising SME vendors for 3rd line
support as well.
This involves the augmentation of the current ICT Team (currently responsible for
managing the Merlin BAU (Business As Usual) contract) to create a fully fledged ICT
Service and project delivery capability. This enhanced capability will require a
12
combination of up-skilling of existing staff, recruitment of new staff, apprenticeship
and graduate schemes and some potential TUPE on contract end – resulting in an
increased headcount.
As services will be migrated from Merlin to WG ICT gradually during the period up to
the contract end point, this enhanced capability will also need to be grown in a
gradual fashion, to ensure readiness for the services as they are transitioned to the
responsibility if the WG.
One of the primary focusses of the Future ICT Replacement programme is to ensure
Business Continuity throughout this transition period, ensuring that the organisation
can continue to function at least as effectively, regardless of systems being moved to
the Cloud, or services being transitioned to WG.
This document will also cover WG’s ICT Strategy at the end of the Merlin contract,
and will detail how we will best leverage our new Cloud based infrastructure for the
benefit of the organisation, Wales’ citizens and other stakeholders.
It is recognised that ICT exists to serve the business need, consequently it is
imperative that ICT is represented at the highest level within the organisation; every
single task we undertake as a government is underpinned by ICT therefore we must
recognise its importance.
We will also ensure we aim to meet the needs of all our users from within central ICT
regardless of their location or any additional assistance software or equipment they
require. Due to the security requirements of the GSi (Government Secure Intranet),
mobility of staff ICT has been limited. The new roadmap will enable much greater
mobility of staff and will provide the ability to use modern devices such as tablets and
smartphones virtually anywhere.
We will aim to ensure that we comply with the Welsh Language Act, and the new
Welsh Language Standards in the choices we make regarding our systems and
infrastructure.
4.2 Challenges
The Welsh Government needs to prepare for the end of the Merlin contract in 2019
and to achieve ongoing service it needs to develop its own ICT capability. In the
meantime, a transition programme has been set up which will move the majority of
WG’s applications to the Cloud, and in doing so reduce complexity and total cost of
ownership. As applications are transitioned from legacy physical infrastructure to the
Cloud, responsibility for their ongoing service will transfer to the new WG ICT team.
This means that between now and contract end, their will be a gradual glide path
downward of services taken care of via the Merlin contract.
It is anticipated that due to the reduced total cost of ownership of Cloud, that savings
will be made which can be re-invested in providing better customer service to staff.
Long term contracts do not typically deliver optimal levels of innovation, value for
money or change. A factor of this is evident in that we are bound to use legacy
waterfall based methodologies, which often make new innovative style developments
not possible as there is no provision within the Merlin contract for small AGILE based
developments. Consequently, it could be viewed that the flexibility and adaptiveness
of the current WG systems has been limited over the past few years. We have also
been constrained by the GSi (Government Secure Intranet) CoCo (Code of
Connection) as this has robust rules regarding our connectivity to external services
and our internal controls. Moving away from this model whilst providing us with
greater opportunities to innovate and to share date more widely with external
stakeholders, also presents challenges in terms of cyber security and ensuring our
sensitive data is protected appropriately. It is important therefore that WG develops
additional capability in the area of cyber security in order to leverage the benefits of
greater flexibility, safely.
4.3 Well-being of Future Generations Act
In 2015, the Welsh government introduced the Well-being of Future Generations Act.
The Act will ensure public bodies think more about long term outcomes and impacts,
work better with people and communities and each other, look to prevent problems
and take a more joined-up approach.
It expects public bodies in Wales will:
work together better
involve people reflecting the diversity of our communities
look to the long term as well as focusing on now
take action to try and stop problems getting worse - or even stop them
happening in the first place.
14
With this is mind, this Strategy in particular aims to produce a low carbon,
sustainable ICT estate which meets the meets of all its users. Our move toward
cloud technologies means we can move away from the need to have our own
physical datacentres, and share facilities with many other organisations, benefitting
from the much larger scale and much more modern cooling and power technologies.
In the workplace itself, the use of modern devices will enable both flexible and
collaborative working, allowing conferencing from the desktop, better working from
home and overall, a reduced need for travel.
4.4 User Application Delivery
4.4.1 Current Situation
Over the last decade, WG has invested substantially in the Citrix platform which is
able to deliver Windows based desktops to a variety of devices. The “computing” is
undertaken on the Citrix servers themselves within the datacentre, and the
consuming device can therefore be very low cost and very low in power
consumption. An additional benefit is that the majority of network traffic is between
the Citrix Servers and WG’s other application servers which are within the same
datacentre. In a traditional Rich Client model (where users have a normal PC on
their desktop), traffic is between the client (i.e. the desktop) and the application
servers themselves, which can mean larger network capacity is needed and also
users may notice greater latency (slow response times) when accessing
applications, particularly from remote sites. Having a standardized Citrix based
desktop also means that users can easily log in to any thin client device located
across the estate, as they are identical and do not hold any user information, which
has enabled a much more flexible working method to be adopted and a simple
deployment of hot-desking capability across the estate.
Historically, using rich clients would have inhibited this capability, as a user’s profile
would have need to have been copied to the client machine, which can result in
storage issues as multiple client profiles could end up residing on a machine. The
other issue this causes, is where users’ profiles become large, as this can have a
substantial network impact particularly at times when many users are logging on (i.e.
between 8am and 9 am).
To contrast, Citrix deployments require a large amount of server power in the
datacentre – each Citrix server in WG is capable of hosting between 40 and 50 user
desktops at any given moment, meaning that well over 100 Citrix servers would be
required to service the WG’s user base – and that is before any resilience is factored
in. These servers need to be replaced on a 5-7 year cycle which requires substantial
capital investment, as well as ongoing maintenance throughout the period.
15
In WG, the adoption of Citrix has meant that “Thin Client” devices have been most
widely used across the estate, which has allowed a broadly standardised desktop to
be delivered to all users across the estate. Additionally “Citrix Receiver” technology
is used to provide remote access to users from laptops and iPad devices. This
technology essentially turns a Rich Client device temporarily into a thin client device,
meaning no data is stored locally and WG security requirements can be upheld
regardless of the consuming device.
It should be noted, that some of the estate’s assisted users are unable to use thin
client devices, as their assistance software does not function very well with Citrix. As
a consequence, we have a number of users who remain on rich client devices.
Whilst WG has benefitted substantially from the standardization of the desktop,
technology has moved on substantially since its introduction, as has user
expectation regarding devices. Similarly, Cloud based technologies have emerged,
and in this context we need to review the user delivery model within WG, ensuring
we can meet modern requirements of mobility and flexibility, whilst not losing the
benefits of our Citrix investment over the last few years. It is also critical that we
provide the same level of service for all our users across the estate, regardless of
their assistive technology requirements.
4.4.2 Future Strategy
Citrix will continue to be used for much of the migration phase and the desktop will
remain the same, meaning that initially users will not notice the application servers
being moved into the Cloud as the user experience will be almost identical. In most
instances, as servers are being replaced with new Cloud based virtual machines,
users should instead notice an uplift in performance as the new servers will be
replacing, in some instances, servers that are beyond end of life out of support, with
brand new hardware. As more applications are moved into the cloud and the Citrix
infrastructure ages, we will in tandem start to rollout traditional Rich Client PC’s to
desktop users and create a cloud based Citrix infrastructure. Citrix will continue to
be used for supporting our BYOD (Bring Your Own Device) service called Stratus
and supporting thin client users until they are migrated. The cloud based Citrix
environment will also provide the organisation with a much greater level of resilience
than we have currently and allow us to start the process of decommissioning DC2.
4.4.3 Infrastructure Impact of Moving from Citrix to Rich
As rich clients are rolled out across the estate, there will be an impact upon the
infrastructure required to support the user base; whilst Citrix diminishes, we will need
to implement a service to store a user’s profile (all their desktop settings and any
specific files or applications) to ensure that when they log in to a different machine,
they will have the same experience. The adoption of this methodology (known as
16
“roaming profiles”) means that when a user logs into a new machine, their profile is
downloaded from a central service onto the local device. This means that as well as
there being a storage requirement in the datacentre to hold these roaming profiles
there is also a network impact upon logon; if many users logon in a similar timeframe
this could potentially impact upon network performance, particularly in remote sites
where bandwidth may be limited. Whilst technology has greatly improved in this
area, particularly in the efficiency of the delivery of the user’s profile and the increase
in our network, we will still need to implement a number of constraints in order to
ensure that the storage used in a user’s profile is minimised – this is also in line with
our record keeping policy, as all corporate information ought to be stored within
iShare, or the relevant business application.
4.4.4 The Journey to Rich Client
The process to successfully transition to Rich client will be undertaken over a
number of years and three distinct phases.
The Current model of operation below, illustrates how the estate currently delivers
applications to a number of different devices for users, dependent on their needs;
typically Thin Client is the standard across the estate, with approximately 5000
devices currently available for staff to use. There are also approximately 1200 Rich
Client devices (including laptops), used by staff with additional needs that cannot be
serviced by Rich Clients and Citrix, such as higher power processing requirements
or Assistive Technology usage. The Rich Clients used a legacy VPN technology
called XKrpytor to connect. There is also a BYOD capability, which uses Citrix to
deliver a traditional desktop to a user’s personally owned iPad device.
Approximately 2500, Corporate Stratus Laptops have also been distributed to staff,
and these use Stratus as a gateway to access the Citrix environment
Current Situation
At time of writing, the current method of application delivery is achieved as
illustrated. Key points are:
The majority of the estate access Citrix on a day to day basis via a thin client
Power users and Assisted Technology users use a Rich Client with locally
installed software and profiles
Stratus Laptops provide remote Citrix access
Personally owned tablets and some corporate tablets access Citrix via Stratus
Citrix is delivered from our two main datacentres DC2 and DC3
Figure 3 - Current Situation
Phase 1 – Establish Cloud Citrix Capability and new devices
During this phase, we will build a new Citrix environment in DC4 and enable our
Stratus 2 authentication model. The Citrix Cloud environment will be provide a
Windows 10 and Office 2016 user experience, as will the new rich client devices.
Users yet to be migrated will be able to choose whether to access the old Citrix
environment or the new cloud based Windows 10 Citrix environment from their thin
client. Stratus too will be introduced (see Remote User Authentication – Stratus 2)
which will replace our legacy authentication mechanisms and allow us to
decommission stratus and xKryptor and our old GSi laptops.
Figure 4 - Phase 1 - Journey to Rich Client
Phase 2 – Decommission On-Premise
During this phase, DC2 can be decommissioned in it entirety and there will no longer
be an on-premise Citrix requirement. At this point, all staff will be on Windows 10
and office 2016.
Figure 5 - Phase 2 - Decommission on-premise Citrix
Phase 3 – Cloud based organisation
In Phase 3 – We will have completed all Rich Client rollouts, which will then mean
we no longer have a Citrix requirement. In turn, we can then decommission all our
ageing thin client estate, stratus laptops, turn off our BYOD solution and
decommission Citrix Cloud.
Figure 6 - Phase 3 - a Cloud-based organisation
4.5 User Types
A substantial study was undertaken of how individuals within the organisation work in
order to categorise our user types. This categorisation will allow us to provide users
with a standardised ICT offering. These user types are detailed in Appendix C –
User Types.
4.5.1 User Packages
This section shows the mapping between the user types defined in Appendix C –
User Types and describes the ICT packages aligned to each type. A hardware
policy will be developed which further describes this in due course
21
Table 1 - User Packages
User Type Thin
Client or PC
Power PC
Laptop or
Tablet Smartphone Stratus
Office Worker
Office-Home Worker
-
Home Worker
-
Office-mobile Worker
-
Mobile worker
-
Technologist
-
On Call
-
VIP
-
The proposed user offerings contain the following devices:
Hybrid Device / Laptop
A modern laptop or hybrid device. Large screen sizes, better chipsets and
ergonomic keyboards means there is no difference in functionality between hybrids
and laptops, whilst the former options offer a much more lightweight solution with
greater connectivity and better battery life.
Smartphone
All Blackberry‘s have been replaced with iPhones integrated with Office 365. These
devices offer much greater functionality than our legacy Blackberry devices, whilst
retaining appropriate levels of security.
Desktop device
A traditional rich client will be provided as part of the standard ICT suite for users of
accessibility software. Key office location will also have banks of hot desks with rich
clients, as any user will be able to log in to any device this will continue to promote
the Flexible Working initiative
Exception device
Where the hybrid device is deemed unsuitable (for example if a user requires high
performance computing) then a device will be issued that meets the user’s needs.
This will be dealt with on a case-by-case basis. Apple iMac desktops are also in use
on the estate and will continue to be supported.
22
4.6 Operating System Strategy
A virtualized Windows 7 desktop is currently delivered to thin client users across the
organisation via Citrix. Laptop devices are also Windows 7 and there are a number
of Apple iPads and Apple Macintosh PC’s running various versions of iOS.
Going forward, when new devices are issued they will be using Windows 10, with an
Enterprise build – this includes thin client replacements, tablets, smartphones and
any laptops we need to issue.
4.7 Software Strategy
As a preference, Microsoft technologies will continue to be used at the operating
system and server level. As well as providing industry standard capability, this
option also provides us with the most standard migration path to cloud. It should
also be noted that Microsoft Azure supports the use of many open source software
packages and operating systems which can be considered for new projects in the
future.
User Software packages will be reviewed during the course of the next five years,
and all critical applications will be assessed for their strategic compatibility.
4.8 Datacentre Strategy
The Welsh Government currently operates two main datacentres, known as DC2
and DC3.
DC2 is located in the basement of a property rented by the Home Office in Newport
Road, and DC3 is a hall within the Mitel datacentre in Caldicot. Additionally, Welsh
Government also has servers in a number of datarooms within office locations
throughout Wales. At time of writing it is our intention to exit from DC2 as soon as
possible as it is not as purpose fit as DC3 and becomes superfluous as more
applications are moved to the cloud.
Moving forward, it is the intention to reduce the number of physical datacentres and
datarooms we use. With this in mind, WG’s strategic datacentres have been
identified as DC3 and MS Azure which will be known as DC4 (one being physical,
the other being Cloud-based). We will also require some capacity in DC1 (the data
room within CP1). It is expected that all non-strategic data-rooms will be wound
down over time, until they contain communications and management servers only.
DC3 will be our primary repository for legacy HF systems, which cannot be migrated
to the Cloud, as well as some management and communications servers. DC4 will
be our primary repository for data and applications.
23
4.9 Remote User Authentication – Stratus 2
The Future ICT team are in the process of designing and provisioning the End User
Compute (EUC) solution for the Welsh Government. Part of the EUC design and ICT
Security mandate is to provide Multi Factor Authentication (MFA) to enable remote
users to access internal resources.
Currently Welsh Government use RSA SecurID hard tokens to authenticate to the
existing remote access solutions, Stratus and XKryptor. Hard tokens, whilst secure
are cumbersome, regularly lost and costly.
It is proposed to utilise RSA’s cloud service to provide the new MFA service. This
would allow for a move to a soft token approach where the user could use their
existing corporate or personal smartphone as the authenticator. We are also
considering using a biometric approach – this is under consideration at time of
writing.
The cloud service is backward compatible with the existing RSA Authentication
Manager allowing for an easy migration path to the new Stratus 2 platform enabling
existing hard tokens to be retain until replaced by the soft token. As a large
investment has been made in RSA SecurID hard tokens, this gradual migration
approach will enable this investment to be fully utilised.
RSA’s cloud service provides biometric as well as traditional soft token
authentication. Consideration is being given to the potential value of adopting
biometric authentication as the primary method of MFA authentication, alongside an
alternative as such as soft tokens.
4.10 Application Strategy
Over the next five years, the process we will undertake with regard to our application
set, is to Migrate, Evaluate and Consolidate.
Figure 7 - Application Strategy
1. Migrate – As described later in this document, during the Transformation period,
applications will be moved to the cloud in their current state, with as little change
as possible, in order to achieve the timeframe.
2. Evaluate – Once an application has been moved to the cloud we need to
evaluate its strategic context for the organisation, in line with the principles in this
document. A strategic forum will look at each application in turn, along with the
business area using the application and look for opportunities enabled by the new
infrastructure.
3. Consolidate – In this phase, where beneficial to the organisation, we will refresh,
re-platform or retire applications identified during the evaluation period.
4.11 Supplier Strategy
In line with the emergence of the NPS, the way we purchase ICT has begun to
change; Instead of procuring mainly through the Merlin contract, WG now
increasingly uses the NPS categories that are available.
The key procurement principles we will apply are:
Making sure that we comply with the Wales Procurement Policy Statement.
Embedding the requirements of the Well Being of Future Generations Act to
deliver measurable, sustainable outcomes.
Ensuring that our procurements support the development and investment in
the economy in Wales, creating jobs and encourage Welsh suppliers to bid.
4.12 Telephony
The Unified Comms has completed roll out of VOIP telephony which replaced
traditional PBX telephony across the Welsh Government estate. As well as
increases in call quality, the cost of telephony across the estate has reduced
substantially as internal calls are routed across WG LAN and WAN infrastructure,
rather than public telephone networks. The Unified Comms project has also
delivered instant messaging, collaborative tools and video and audio conferencing
from the desktop using MS Lync. All of these features are available to all users
across all sites, thus reducing the need for travel to and from meetings and reducing
the requirement for costly video conferencing infrastructure.
4.13 Print Strategy
At time of writing, WG are currently looking at the viability of an aggregated Managed
Print Solution to cover the whole estate, moving away from a variety of purchased
and leased printers, maintained under separate arrangements.
4.14 Assisted Users
Our Strategic Principles state we will “Address the needs of our disabled service
users when developing and delivering our products and services”. What this means
in practice is that we will ensure the needs of all our users are met by the ICT
Service we provide. In order to do this we will, through the governance mechanisms
described later in the document, ensure that all new systems and any substantial
changes to systems are co-ordinated with the Disability and Awareness Support
group (DAAS). The new WG ICT Service will also have a specific function catering
for users of assistive software and ensuring we are able to provide suitable assistive
products to all our users where required. To make this manageable, a standardized
26
suite of products will be made available by consultation with DAAS and kept up to
date to ensure they remain in support from the vendor.
WG will also consider making operating system based accessibility tools such as
Magnifier and Narrator available as part of the standard package available to all
staff.
5. Strategic Workstream 1 - Transformation
5.1 Aims and Principles
The aims of the Merlin Replacement programme are:
To provide WG with its own ICT capability to service users
To migrate off legacy infrastructure and move toward the Cloud as swiftly as
possible to achieve maximum cost savings, whilst providing minimum disruption
to users and stakeholders
To review systems for appropriateness as they are migrated to determine
Ongoing relevance to the organisation
Whether the solution can be retired
Business Ownership of the solution
To provide WG with a capability to service online users in a cost effective,
convenient manner
To ensure that WG is self sufficient to provide and develop its own service
5.2 Internal ICT Capability
5.2.1 Current Arrangements
Currently the WG ICT is outsourced through the Merlin contract which is due to end
in January 2019. As part of this arrangement, the services supported by Atos range
from Service Desk and Infrastructure services to managing assets and application
support.
The Merlin contract and Atos’s service performance is managed by a small ICT team
internal to WG, whose role is to control and audit the vendor’s performance and drive
improvements accordingly. In addition to the service management role the WG ICT
team is fulfilling, the team also has a small operational team looking after services
that are outside Merlin scope such as Stratus and some other non-GSI systems.
5.2.2 Support Strategy
Our Strategy is that in January 2019, WG will have a fully functioning ITIL aligned
ICT service, which will provide the functions that until that point have been delivered
by ATOS. In order to achieve this, we will need to gradually build capability
throughout the course of the migration; i.e. when infrastructure is built or applications
moved to the Cloud, WG will need to have the capabilities ready to support them.
To be able to support these services, WG’s focus needs to be on building resources
with the right skill sets, provisioning and development of the tools required and
28
designing the IT processes. This will build the foundations of a mature ICT
organisation, which will efficiently deliver good customer service to our organisation
.
Figure 8 - ICT Service Delivery Model
5.2.3 Migration Timeframes
The transition programme’s primary aims are to provide a replacement service for
the Merlin agreement which is scheduled to expire in January 2019. The two
primary components to this are creating an ICT Support organisation and moving all
the current core applications into a Cloud based environment in order to simplify
support and simplify and refresh infrastructure prior to the end of the contract.
The timelines for the programme are illustrated below:-
Figure 9 - Migration Timeline
5.3 Target Operating Model
The Welsh Government consists of many different business areas, each dealing with
either ministerial deliverables or corporate functions. An operating model is a
simplified view of how an organisation such as ours operates.
With the transition of ICT provision from Merlin to an internal service, there are a
number of changes required to the operating model from both a technical and a
functional perspective.
The first diagram, overleaf illustrates the technical changes, showing how new
infrastructure elements will be created, and legacy infrastructure migrated.
31
Key Points
Creation of a new network domain
This new domain will be created to allow a new Welsh Government managed
network infrastructure to be setup. During the migration phase this is critical, as it
is allows a clear designation between Merlin managed and WG managed
infrastructure and applications.
Going forward, new WG users will be connected to this new domain, instead of
the legacy HF domain. This new domain will be connected to the new Cloud
based datacentre below. More importantly, it will have a “two way transitive trust”
between itself and the legacy HF domain. This means that from a user
perspective, applications can be consumed seamlessly from either the legacy
network or the new network – indeed the user will not be able to tell the location of
the service they are consuming.
It is the aim to migrate all applications into the new Cloud datacentre, however it is
known that there are some legacy systems which cannot be migrated (such as
AS400 based applications), therefore the legacy network will become minimised
until these applications are deprecated, at which point the HF network can be
switched off - to note, this does not need to be co-terminus with the Merlin
contract end as the infrastructure on the HF network is owned by WG.
Creation of a Cloud based datacentre
The new network will be connected to a Cloud-based datacentre, capable of
providing IaaS (Infrastructure as a Service) and PaaS (Platform as a Service)
capabilities – see Annex A for a definition of these. This datacentre will be the
Microsoft datacentre based in Newport. This new capability will become the
strategic hosting environment for all our applications where technically possible.
Rollout of Office 365 to all staff
Office 365 is a PaaS services we consume from the Cloud based datacentre. It
provides a Cloud based MS Exchange service which will provide all our email
requirements, using the new @gov.wales email suffix, replacing the
@wales.gsi.gov.uk suffix. Office 365 also provides the licensing model for MS
Office (Word, Excel, PowerPoint etc) as well as licensing for SharePoint, Skype
for Business, Yammer and 1TB of Cloud storage per user.
32
Replacement of Blackberry service
The ageing Blackberry service has been decommissioned and superseded by an
iPhone capability rolled out to Blackberry users. These smartphones are linked to
the Office 365 service in the new Cloud datacentre.
Migration of applications to Cloud based datacentre
Throughout the migration period, our critical applications will be prioritised and
moved into our new cloud datacentre.
6. Strategic Workstream 2 - Governance
6.1 Governance Procedures Overview
A new governance regime will be established comprising the following arrangements
6.1.1 The Solution Design Authority (SDA)
Established since March 2016, SDA is a central authority which governs and reviews
proposed solutions, ensuring they are chosen for reasons aligned with WG ICT
Principles, and that they are implemented to WG standards, architectural models
and change roadmap. The Solution Design Authority attendees are representatives
from across the business thus ensuring a view across the organisation is achieved
prior to approving a solution. Proposals are submitted to the SDA mailbox as
required, and the group will meet regularly with the remit of authorising the proposals
and of providing advice and guidance as appropriate.
6.1.2 Comprehensive Portfolio Management
The role of the Solution Leads will be extended into managing business solutions as
a portfolio of applications and systems as part of the SDA. Solution Leads will also
act as the gateway for Solution Designers within their Departments, providing advice
and governance prior to solution proposals being submitted to the SDA.
6.1.3 Project Management Structures
The Project Management Office (PMO) will take input and demand from the SDA, for
solution proposals that are approved and are to be completed by central ICT
resources (rather than in the business areas themselves).
Based on this demand, the PMO will provide resources to complete the work across:
project managers
business analysts
ICT architects
ICT engineering
Test
The PMO will, based on internal resources available, produce a programme of
projects that gives the organisation a timetable on ICT project delivery. Where the
business need is great enough, the internal project resources may be bolstered
flexibly, by assistance from third party organisations or the contract workforce to
accelerate delivery.
34
Principles
The PMO will remain aligned to the following principles:
Only do it if it adds value – we want to focus our efforts on creating tangible
outputs, rather than process for its own sake.
Decisions when they’re needed, at the right level – we want the people
closest to the subject matter to feel empowered to decide (within sensible
guidelines) and not wait until governance checkpoints such as a project board
to seek approval or endorsement
Don’t slow down delivery – those asked to fill a management or assurance
role on the project need to work at the same pace as the project team
This means that we need to adopt newer, more flexible ways of completing work,
that will use different techniques within the of the programme and project
management toolbox. It may mean that each piece of work has the potential to be
managed differently depending on:
Whether it’s critical and/or urgent
Whether it’s a high risk piece of work
Whether it’s an infrastructure or software related project
6.1.4 Programme and Project Governance
We will still use Programme and Project Boards (as advocated in ‘waterfall’ methods
such as MSP and Prince II), to provide assurance and governance so that projects
have the best chance of success. Where the project is being run more flexibly than
a traditional waterfall method, such as agile methods like Scrum or Kanban, the
project will still be expected to provide reports into whichever higher level project or
programme is sits within.
6.1.5 Methodologies
Planning and Design
All programmes and projects will be supported to achieve a fast start on work,
providing tangible deliverables as quickly as possible. Projects will be encouraged to
perform ‘just enough’ design and ‘just enough’ planning before starting build and
implementation. Techniques such as Progressive Elaboration and Rolling Wave can
provide sensible alternatives to a large and drawn out planning and design
processes.
35
Implementation
The Methodologies used by the WG ICT PMO will vary and be appropriate to the
type of project being worked on:
Infrastructure projects will more often than not be completed using waterfall
methodologies, with clear gates between sequential parts of the lifecycle such
as Requirements, Design, Build, Test and Deploy. Infrastructure projects will
also be supported to try modern methods of agile infrastructure project
delivery using Spiral approach, to assess whether speed and efficiency of
delivery is improved, working in a different way.
Software projects will be supported to use modern agile methodologies such
as Scrum or Kanban.
6.2 ICT Asset Management
To support the device strategy and ongoing cost management, data protection and
audit within WG, a full Centralised Asset Register (CAR) will be created and
maintained by the ICT Team.
The asset register will contain details of:
All devices owned by WG (including desktop, laptop, specialist, mobile)
Details of to whom devices are allocated
Details of any contracts for provision of internet connectivity
Details of any contracts for provision of telephony (mobile and fixed)
Details of support contracts for all devices (including user devices and
infrastructure)
Details of all software
Details of software licenses including costs and expiry dates
Details of all software support contracts including costs and expiry dates
6.3 ICT Financial Management
The current financial model in Welsh Government for ICT spend is diverse; some
ongoing departmental ICT costs are paid for centrally whilst some are paid for within
the department. All applications have an impact on infrastructure maintenance;
however this is paid for within ICT, without contributions from departments. During
the transformation period, Welsh Government will consider rationalising its approach
to ICT spend across the organisation, to ensure a sustainable, transparent model is
in place going forward.
ICT project spend is also departmental, however visibility of this has been much
enhanced by the introduction of the Solution Design Authority. Mechanisms for
better pipeline planning and orchestration across the estate will also be introduced.
36
Many organisations struggle to find the re-investment required to ensure that user
devices are modern and kept up to date. Some organisation have introduced a
model whereby user devices are effectively rented for an annual cost from the
central ICT function. This can help cover the costs of infrastructure support and can
also provide a contribution toward refreshing this equipment on a 3, 4 or 5 year
basis. This removes the need for large scale capital reinvestment and also large
scale business change, as the refresh can be staggered across the organisation,
thus making it incremental rather than “big bang”, This and other strategies will be
considered for ongoing user device refresh approaches.
7. Strategic Workstream 3 – Organisation
7.1 Current Arrangements
Currently the WG ICT is outsourced through the Merlin contract which is due to end
in January 2019. As part of this arrangement, the services supported by Atos range
from Service Desk and Infrastructure services to managing assets and application
support.
The Merlin contract and Atos’s service performance is managed by a small ICT team
internal to WG, whose role is to control and audit the vendor’s performance and drive
improvements accordingly. In addition to the service management role the WG ICT
team is fulfilling, the team also has a small operational team looking after services
that are outside Merlin scope such as Stratus and some other non-GSI systems.
7.2 Development of Internal Capability
As the diagram below shows, during the migration process, the vast majority of HF
services will be transferred from Merlin control to Welsh Government control.
Consequently, WG will need to develop the skills and capacity to maintain these
services, continue to improve them and ensure that they meet the organisation’s
needs as required.
Figure 11 - Transition of Atos Services to WG
38
As noted, it will therefore be necessary during this period, to grow our ICT capability
in terms of numbers (through internal transfers, external appointments and
apprenticeships) and in terms of skillsets (through training courses, self learning and
knowledge transfer).
As well as growth, robust processes based on ITIL1 and new ways of working will
need to be introduced in order to provide a professional service desk facility as well
as the other aspects required, such as service management, desktop, infrastructure
and networks support. New software tools will also be required to undertake this
service.
7.3 Support Strategy
Our Strategy is that in January 2019, WG will have a fully functioning ITIL aligned
ICT service, which will provide the functions currently delivered by ATOS.
In order to achieve this, we will need to gradually build capability throughout the
course of the migration; i.e. when infrastructure is built or applications moved to the
Cloud, WG will need to have the capabilities ready to support them.
To be able to support these services, WG’s focus needs to be on building resources
with the right skill sets, provisioning and development of the tools required and
designing the IT processes. This will build the foundations of a mature ICT
organisation, which will efficiently deliver good customer service to our organisation
The team will be built upon the current ICT Team, utilising the skills and expertise
already in place, and complementing this with new team members and apprentices.
New process will be implemented in order to manage the service, along with ITIL
standards and a Service Management Tool will be delivered to support the new
processes.
1 ITIL is a best practice framework that has been drawn from both the public and private sectors internationally. It describes
how IT resources should be organised to deliver business value, documenting the processes, functions and roles of IT Service Management (ITSM). It is considered to be best practice in government.
39
. Figure 12 - Target Operating Model
Figure 13, overleaf, illustrates how the service delivery model will look when WG
delivers its own ICT services from January 2019.
The delivery of services in ICT requires two specific functions, firstly a Service
Operations capability, with the scope of supporting end user services, the
infrastructure and applications. The second capability is Service Management – this
is the team that ensures a continuous high standard of ICT delivery, which includes
change management, continuous process improvement, asset management, vendor
management and service level management.
As shown, these two functions are assisted in their delivery by supporting teams,
which will have specific expertise in technical and service management areas.
The BAU (Business as Usual) capability will adopt processes and policies designed
by following the ITIL framework. This will help with providing for a service that is well
structured, mature and measured and will facilitate better integration with business
processes and policies.
8. Strategic Workstream 4 – Corporate ICT
8.1 Overview
Our Corporate ICT is the systems and applications that are used by most staff on a
regular basis.
This list includes applications such as:
Microsoft Outlook
iShare (our ERDMS system)
Microsoft Office (Word, Excel, PowerPoint etc.)
SAP
Intranet
Business Directory
Currently, Welsh Government has a number of applications which are used by most
staff on a daily basis. Whilst the scope of the transformation stage is to undertake a
“lift and shift” approach to migration, it is important that WG consider its strategic
choice of Corporate platforms during the migration period as many of these
applications were chosen some time ago, prior to the emergence of Cloud
technologies. The re-platforming of these applications into the cloud which will occur
during the transition period, will potentially enable much smoother migration to other
platforms as infrastructure, data and systems will be under Welsh Government
control.
Between January 2018 and January 2019, Welsh Government will meet periodically
to look at which systems need to be reconsidered in a strategic context, and whether
migration could bring business and efficiency benefits to the organisation.
9. Strategic Workstream 5 – Departmental Business Systems
9.1 Overview
At time of writing, there are a number of separate ICT organisations within WG,
which each support an application or suite of applications delivering a specific
business function. Some of these ICT organisations are small and have a limited
range of functions, whilst others offer the whole range of application development
and support, and have their own infrastructure – such as WEFO and RDP. Most of
these however are underpinned by some element of the Merlin contract.
During the Transition process, we will need to move the Departmental Business
systems which are based on physical infrastructure into the cloud and it is
anticipated this will be undertaken by the team responsible for maintaining and
supporting the system currently in liaison with the Transformation team. For
applications which are dependent upon support elements provided under Merlin,
these requirements will need to be considered when creating WG’s internal ICT
Capability with timescales aligned accordingly, in order to ensure a seamless
continuity of service.
During the migration phase, systems will be evaluated to ensure that opportunities to
gain efficiencies during the re-platforming process are taken. This may include
migrating database applications to PaaS (platform as a service) rather than
standalone implementations, or sharing cloud infrastructure already implemented for
other WG systems.
As we move forward past the migration phase, Welsh Government will continue to
move toward centralised ICT systems and services, in order to gain the benefits of
scale and resilience that a larger team affords. Once Transformation is complete,
WG will identify candidates for centralisation and establish a timeline for completion
of this activity.
10. Appendix A - Glossary of Terms
Term Definition
AGILE A method of project management, used especially for software development, that is characterized by the division of tasks into short phases of work and frequent reassessment and adaptation of plans
Android An open source operating system used predominantly in mobile phones and computers
BAU Business As Usual – in this context referring to the say to day running of ICT Systems
BYOD Bring Your Own Device – the concept of using one’s own device for work purposes
CAR Centralised Asset Register – a central log of all an organisations ICT related assets
CoCo Code of Connection – the security and physical controls an organisation must meet in order to join a network
Citrix Citrix are a software vendor, however in this context it is referring to their most ubiquitous software product which provides a managed desktop solution to users, by means of undertaking the computing in the datacentre. I.e. the actual desktop session is taking place on a server that could be some geographic distance from the user, and the users sees a representation of this activity on their thin client device.
Cloud Cloud computing is a kind of Internet-based computing that provides shared processing resources and data to computers and other devices on demand
CP(1,2) Cathays Park, buildings one and two CRM Customer Relationship Management DAAS Disability And Awareness Support group DC(1,2,3,4) Datacentre (1,2,3,4) DVLA Driver and Vehicle Licencing Agency GDS Government Digital Service – part of the Cabinet Office,
which a focus on Digital Transformation and strategy GSi Government Secure Intranet is a United Kingdom
government wide area network, whose main purpose is to enable connected organisations to communicate electronically and securely at low protective marking levels
HF The network domain name of the current Welsh Government internal network
IaaS Infrastructure as a Service is a form of cloud computing that provides virtualized computing resources over the Internet
ICT Information Communication Technology iOS An operating system used for mobile devices manufactured
by Apple Inc. iShare iShare is Welsh Government’s branding for their electronic
record and document management system, currently provided by Objective.
44
IT Information Technology ITIL ITIL is a best practice framework that has been drawn from
both the public and private sectors internationally. It describes how IT resources should be organised to deliver business value, documenting the processes, functions and roles of IT Service Management (ITSM). It is considered to be best practice in government.
LAN Local Area Network MS Microsoft NPS National Procurement Service OLA An operational-level agreement (OLA) defines the
interdependent relationships in support of a service-level agreement (SLA). The agreement describes the responsibilities of each internal support group toward other support groups, including the process and timeframe for delivery of their services.
PaaS Platform as a service (PaaS) is a category of cloud computing services that provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app
PBX Private Branch Exchange PC Personal Computer PSBA The PSBA network is a Welsh Government led
collaborative national communications service that, in conjunction with other major Welsh public sector organisations, has created a national information & communications platform to enable greater efficiency and collaborative potential, helping to support the delivery of improved services for the people of Wales.
PSN The Public Services Network (PSN) is the UK government’s high-performance network, which helps public sector organisations work together, reduce duplication and share resources. It unified the provision of network infrastructure across the United Kingdom public sector into an interconnected "network of networks" to increase efficiency and reduce overall public expenditure.
RDP Rural Development Programme SAN Storage Area Network – usually a device containing
multiple hard disks, used for large scale digital storage SAP Systems Applications and Products SDA The Solution Design Authority is a Welsh Government
forum which reviews all proposed ICT solutions across the organisation, to ensure strategic alignment and efficient use of resourcing.
SLA A Service Level Agreement is a contract between a service provider (either internal or external) and the end user that defines the level of service expected from the service
45
provider. SLAs are output-based in that their purpose is specifically to define what the customer will receive
SI System Integrator – a large scale ICT Services Provider SME Small to Medium sized Enterprise SQL Structured Query Language Stratus Stratus is the Welsh Government home worker solution
which is based on Citrix Receiver technology TB Terabyte – 1000 gigabytes. TUPE Transfer of Undertakings (Protection of Employment)
Regulations 2006 - The TUPE Regulations preserve employees' terms and conditions when a business or undertaking, or part of one, is transferred to a new employer.
VoIP Voice Over Internet Protocol WAN Wide Area Network WEFO Welsh European Funding Office WG The Welsh Government
11. Appendix B – Current Network Topology
The PSBA network is a Welsh Government led collaborative national
communications service that, in conjunction with other major Welsh public sector
organisations, has created a national information & communications platform to
enable greater efficiency and collaborative potential, helping to support the delivery
of improved services for the people of Wales.
The below diagram illustrates Welsh Governments high-level network topology
Figure 14 - Welsh Government Network Topology
As shown, the Public Sector Broadband Aggregation (PSBA) network is
predominantly being utilised as the bearer for WG’s networks with connectivity
across Wales.
More detail on PSBA from http://www.psba.org.uk/index.aspx:
“Conceived and delivered as a collaborative project with key stakeholders in Local
Government and Health and Education, the network is now used by Unitary
Authorities, Hospitals, General Practitioners, Universities, Further Education
Colleges, Emergency Services, and a growing number of organisations funded by
the public sector.
47
Connecting users since early 2008, the PSBA network delivers a wide range of
communications services, supports voice, video and data traffic, and is currently
delivering secure, fast and reliable communications to over 2000 (March 2010)
public sector sites across Wales.
This unique and innovative public sector communications service, one of the first
totally integrated Public Sector Networks (PSN) was conceived, designed, and built
in Wales to meet the specific needs of the Welsh public sector“.
12. Appendix C - User Types
Profile
Description
Office worker (working from one or more set office location at a fixed desk or hot-desk) (Fixed; Behind the Scenes; Front of house)
Customers come to location (one or more locations)
Service is delivered at a specific place
Staff need to be in that location to deliver the service
Customer or non-customer facing
May require dedicated workstation and fixed telephone
Requires access to corporate systems May require access to specialist systems
Rarely work outside of office hours
Limited opportunity to work at home
Office-home worker (working from home and one or more set office location)
Transactional/process/rules oriented
Desk based most of the time
Could be office or home based
Customer or non-customer facing
Requires access to corporate systems
May require access to specialist systems
Can work outside of office hours
Home worker (officially working from home all of the time)
Output oriented
Non-customer facing
Requires mobile ICT equipment to access corporate systems to perform their role
May require access to specialist systems
No requirement to have fixed desk in a specific location
Can work outside of office hours
Office-mobile worker (working from the office and on the move regularly) (Office everywhere; Roaming)
Output oriented
Spends time away from desk – at meetings or occasional home working
Keeps in touch with team by telephone and email
Specialists
Customer or non-customer facing
Likely to require access to specialist systems
Can work outside of office hours
Mobile worker (higher levels of mobility often with no fixed location)
Customer facing as part of investigations or fieldwork activities
49
(Field; Out and About)
Goes to customers and/or sites
Service is delivered to the customer at a specific location
Spends time away from the office or home base
Keeps in touch with team by telephone and email
Requires mobile ICT equipment to access corporate or specialist systems to perform their role
Without regular access to office facilities or mobile technology
Often have to access and capture information instantly
Can work outside of office hours
No requirement to have fixed desk in a specific location
Technologist (location variable, role specialist)
Specialists
Could be office or home based
Customer or non-customer facing
Requires access to corporate and specialist systems to perform their role
Sophisticated IT users
Rarely work outside of office hours
On Call (working from one or more set office location at a fixed desk or hot-desk and mobile when required) (Always on)
Could be office or home based
Often works on-call outside of office hours as required
Require access to corporate and specialist applications at all times
Highly responsive to all information received through multiple channels
Require good communications to others
Customer facing
VIP (Cabinet Secretaries, Counsel General)
Requires access to corporate systems
Require good communications to others
Spends time away from the office or home base
Can work outside of office hours
13. Appendix D – Strategic Case Options
Option 1 – Do Minimum
This option considers a transition of services, locating all services currently under the
scope of Merlin contract to Central WG ICT. There is an assumption that the
operating model delivered by Atos will therefore be adopted, easing transition with
minimum change impact through using a Prime Contractor.
Option 2 - Centralised ICT Services
This operating model is typically used for the purpose of controlled IT budget,
standardisation of processes and technologies and a single point for delivery of the
IT strategy to meet the organisational goals. Within this model, all of the IT functions
for Welsh Government would meet as a single IT service internal to WG, under a
centrally controlled budget for all IT services and assets (including Hardware,
Software, staff, etc.).
Option 3 - Outsourced ICT
Use an external service provider to deliver IT services to WG. This model would
typically involve contracting with a large commercial organisation to provide the ICT
service to the organisation. Remaining functions would typically include contract
management, service owner, assurance and governance. Most of these large
commercial organisations would have an established commercial model and would
already be providing similar services to other public and private sector bodies. An
alternative to this model would be to contract with a smaller vendor such as a Welsh
SME. In the marketplace currently however, there are no SMEs who currently
operate contracts of this scale, or to the level of industry compliance we would need
i.e. implementation of ITIL processes.
Option 4 - Internal ICT with outsourced functional services
This is a hybrid model whereby WG ICT retains control of key functions and delivery
and considers outsourcing where potentially beneficial. This option is proposed to
follow a service integration delivery model, with WG ICT being the service integrator.
This model looks at identifying which functions within the ICT operating model can
be retained and which can be outsourced and use a Service Integration and
management model to deliver services back to the organisation. It allows a steady
growth in in-house service adoption with increasing maturity level, whilst keeping
control of core processes and enabling automation and standardisation where fit for
purpose.
Option 5 – WG Shared Services
51
This model is typically seeking to provision IT service by sharing the funding and
resourcing with other departments within WG. This model is designed to make
optimum use of internal resources whilst centralising process and service delivery.
In this context, a Shared Service is an ICT Service provided to the business as an
internal IT provider. It acts as a separate organisation but is linked to the business
through its commitment to deliver against service levels and shares responsibility
with the business through its agreement. The ambition of these arrangements is to
reduce Total Cost of Ownership by having shared infrastructure and staff –
essentially benefits of scale. It “charges” the WG departments for the services
provided and use service level agreements to measure performance and quality of
service. In a Shared service model the systems are fully integrated with the
organisation’s systems and processes.
Option 6 – Wales Shared Services Centre – Brand Service Company
This model is sharing the funding and resourcing as an IT provider to other public
sector organisations within Wales. In this context, Welsh Government ICT becomes
the Shared Services Centre providing IT services to other public sector bodies within
Wales, emphasising on a Customer ethos, providing support in line with service
requirements and against well defined service agreements. Funding and resourcing
are shared within this model and the focus is on sharing similar services between the
separate organisations.
Option 7 - Decentralised IT/Joint Venture
This option proposes internalising IT to WG departments, potentially using a Joint
Venture approach, shifting budget control and service delivery to the Head of
Department.